Close Menu
Cybercrime and Ransomware

Massive Data Breach Affects 33.7 Million Coupang Customers

Staff WriterBy No Comments4 Mins Read0 Views

Top Highlights

  1. Coupang, South Korea’s largest retailer, experienced a data breach exposing personal info of 33.7 million customers, including names, contacts, and order details, but not payment data.
  2. The breach was discovered on November 18, 2025, though it occurred on June 24, 2025, with unauthorized access traced back to a former employee using unrevoked access tokens.
  3. The company has reported the incident to authorities and advised affected customers to remain vigilant against impersonation attempts, without revealing specific attack details or perpetrators.
  4. This incident is the second major cybersecurity breach in South Korea this year, following SK Telecom’s exposure of 27 million users’ data due to a malware infection dating back to June 2022.

What’s the Problem?

In June 2025, Coupang, South Korea’s largest retailer, faced a significant data breach. Although they only discovered the breach in November, they had initially been unaware of the incident. The company revealed that the attack resulted in the exposure of personal details of approximately 33.7 million customers, including full names, phone numbers, email addresses, physical addresses, and order histories. Importantly, payment data such as credit card information and passwords remained secure. The breach was reportedly carried out by a former employee who exploited unrevoked access tokens to steal the data, although this information has not been independently verified.

Coupang promptly reported the breach to national authorities, including police and cybersecurity agencies, and notified affected individuals via email and SMS. Meanwhile, experts suggest that the breach reflects a broader cybersecurity challenge in South Korea, where this incident is the second major attack this year, following a malware infection that compromised 27 million users of SK Telecom in April. As investigations continue, Coupang warns customers to be cautious of potential impersonation schemes and emphasizes the importance of robust security practices to prevent future breaches, highlighting how lapses in identity and access management can have far-reaching consequences beyond just IT.

Potential Risks

The Coupang data breach, affecting 33.7 million customers, serves as a stark warning for all businesses; similarly, your company could face a similar attack. If sensitive customer data is compromised, trust erodes quickly, leading to lost clients and damaged reputation. Moreover, regulatory fines and legal actions can follow, increasing financial burdens. Additionally, operational disruptions—such as shutdowns of systems and investigations—hamper daily functions. As a result, revenue declines, and recovery costs spike sharply. In short, neglecting data security exposes your business to risks that can threaten its survival, emphasizing the urgent need for robust protection measures.

Possible Remediation Steps

In the case of Coupang’s data breach affecting 33.7 million customers, swift and effective remediation is crucial to minimize damage, restore customer trust, and prevent future attacks. Prompt action not only curtails the immediate threat but also demonstrates a commitment to security that can help regain stakeholder confidence.

Containment Measures

  • Isolate affected systems to prevent further data leakage.
  • Disable compromised accounts or credentials immediately.

Assessment & Analysis

  • Conduct a thorough investigation to understand breach scope and entry points.
  • Log analysis for identifying malicious activities.

Communication

  • Notify affected customers and relevant authorities per legal requirements.
  • Provide clear information on what happened and steps being taken.

Patching & Updates

  • Apply critical security patches to vulnerable systems.
  • Update software and firmware to latest secure versions.

Credential Management

  • Force password resets on all affected accounts.
  • Implement multi-factor authentication (MFA) for user and administrative access.

Enhanced Security Controls

  • Increase monitoring and intrusion detection system (IDS) capabilities.
  • Employ anomaly detection to identify suspicious activities.

Review & Improve

  • Conduct vulnerability assessments regularly.
  • Revise security policies and employee training programs.

Explore More Security Insights

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Access world-class cyber research and guidance from IEEE.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.